System/Kernel
PS C:\xampp\htdocs\shenzi> cmd /c ver
Microsoft Windows [Version 10.0.19042.1526]
PS C:\xampp\htdocs\shenzi> systeminfo ; Get-ComputerInfo
Host Name: SHENZI
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19042 N/A Build 19042
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: admin
Registered Organization:
Product ID: 00331-10000-00001-AA808
Original Install Date: 12/3/2021, 8:19:53 AM
System Boot Time: 8/2/2024, 1:10:20 PM
System Manufacturer: VMware, Inc.
System Model: VMware7,1
System Type: x64-based PC
Processor(s): 2 Processor(s) Installed.
[01]: AMD64 Family 25 Model 1 Stepping 1 AuthenticAMD ~2650 Mhz
[02]: AMD64 Family 25 Model 1 Stepping 1 AuthenticAMD ~2650 Mhz
BIOS Version: VMware, Inc. VMW71.00V.21100432.B64.2301110304, 1/11/2023
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory: 4,095 MB
Available Physical Memory: 2,132 MB
Virtual Memory: Max Size: 4,799 MB
Virtual Memory: Available: 2,522 MB
Virtual Memory: In Use: 2,277 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\SHENZI
Hotfix(s): 6 Hotfix(s) Installed.
[01]: KB5007289
[02]: KB4562830
[03]: KB5010342
[04]: KB5006753
[05]: KB5007273
[06]: KB5011352
Network Card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
Connection Name: Ethernet0
DHCP Enabled: No
IP address(es)
[01]: 192.168.167.55
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
WindowsBuildLabEx : 19041.1.amd64fre.vb_release.191206-1406
WindowsCurrentVersion : 6.3
WindowsEditionId : Professional
WindowsInstallationType : Client
WindowsInstallDateFromRegistry : 12/3/2021 4:19:53 PM
WindowsProductId : 00331-10000-00001-AA808
WindowsProductName : Windows 10 Pro
WindowsRegisteredOrganization :
WindowsRegisteredOwner : admin
WindowsSystemRoot : C:\WINDOWS
WindowsVersion : 2009
BiosCharacteristics : {4, 7, 9, 11...}
BiosBIOSVersion : {INTEL - 6040000, VMW71.00V.21100432.B64.2301110304,
VMware, Inc. - 10000}
BiosBuildNumber :
BiosCaption : VMW71.00V.21100432.B64.2301110304
BiosCodeSet :
BiosCurrentLanguage :
BiosDescription : VMW71.00V.21100432.B64.2301110304
BiosEmbeddedControllerMajorVersion : 255
BiosEmbeddedControllerMinorVersion : 255
BiosFirmwareType : Uefi
BiosIdentificationCode :
BiosInstallableLanguages :
BiosInstallDate :
BiosLanguageEdition :
BiosListOfLanguages :
BiosManufacturer : VMware, Inc.
BiosName : VMW71.00V.21100432.B64.2301110304
BiosOtherTargetOS :
BiosPrimaryBIOS : True
BiosReleaseDate : 1/10/2023 4:00:00 PM
BiosSeralNumber : VMware-42 1e bb 49 20 f4 3f 7b-c1 dd df a1 6d 79 9d df
BiosSMBIOSBIOSVersion : VMW71.00V.21100432.B64.2301110304
BiosSMBIOSMajorVersion : 2
BiosSMBIOSMinorVersion : 7
BiosSMBIOSPresent : True
BiosSoftwareElementState : Running
BiosStatus : OK
BiosSystemBiosMajorVersion : 255
BiosSystemBiosMinorVersion : 255
BiosTargetOperatingSystem : 0
BiosVersion : INTEL - 6040000
CsAdminPasswordStatus : Enabled
CsAutomaticManagedPagefile : True
CsAutomaticResetBootOption : True
CsAutomaticResetCapability : True
CsBootOptionOnLimit : DoNotReboot
CsBootOptionOnWatchDog : DoNotReboot
CsBootROMSupported : True
CsBootStatus : {0, 0, 0, 33...}
CsBootupState : Normal boot
CsCaption : SHENZI
CsChassisBootupState : Safe
CsChassisSKUNumber :
CsCurrentTimeZone : -420
CsDaylightInEffect : True
CsDescription : AT/AT COMPATIBLE
CsDNSHostName : shenzi
CsDomain : WORKGROUP
CsDomainRole : StandaloneWorkstation
CsEnableDaylightSavingsTime : True
CsFrontPanelResetStatus : Unknown
CsHypervisorPresent : True
CsInfraredSupported : False
CsInitialLoadInfo :
CsInstallDate :
CsKeyboardPasswordStatus : Unknown
CsLastLoadInfo :
CsManufacturer : VMware, Inc.
CsModel : VMware7,1
CsName : SHENZI
CsNetworkAdapters : {Ethernet0}
CsNetworkServerModeEnabled : True
CsNumberOfLogicalProcessors : 2
CsNumberOfProcessors : 2
CsProcessors : {AMD EPYC 7413 24-Core Processor , AMD EPYC
7413 24-Core Processor }
CsOEMStringArray : {[MS_VM_CERT/SHA1/27d66596a61c48dd3dc7216fd715126e33f59ae7],
Welcome to the Virtual Machine}
CsPartOfDomain : False
CsPauseAfterReset : 3932100000
CsPCSystemType : Desktop
CsPCSystemTypeEx : Desktop
CsPowerManagementCapabilities :
CsPowerManagementSupported :
CsPowerOnPasswordStatus : Disabled
CsPowerState : Unknown
CsPowerSupplyState : Safe
CsPrimaryOwnerContact :
CsPrimaryOwnerName : admin
CsResetCapability : Other
CsResetCount : -1
CsResetLimit : -1
CsRoles : {LM_Workstation, LM_Server, NT}
CsStatus : OK
CsSupportContactDescription :
CsSystemFamily :
CsSystemSKUNumber :
CsSystemType : x64-based PC
CsThermalState : Safe
CsTotalPhysicalMemory : 4293943296
CsPhyicallyInstalledMemory : 4194304
CsUserName : SHENZI\shenzi
CsWakeUpType : PowerSwitch
CsWorkgroup : WORKGROUP
OsName : Microsoft Windows 10 Pro
OsType : WINNT
OsOperatingSystemSKU : 48
OsVersion : 10.0.19042
OsCSDVersion :
OsBuildNumber : 19042
OsHotFixes : {KB5007289, KB4562830, KB5010342, KB5006753...}
OsBootDevice : \Device\HarddiskVolume2
OsSystemDevice : \Device\HarddiskVolume4
OsSystemDirectory : C:\WINDOWS\system32
OsSystemDrive : C:
OsWindowsDirectory : C:\WINDOWS
OsCountryCode : 1
OsCurrentTimeZone : -480
OsLocaleID : 0409
OsLocale : en-US
OsLocalDateTime : 4/14/2025 12:43:33 PM
OsLastBootUpTime : 8/2/2024 2:10:20 PM
OsUptime : 254.22:33:13.1826002
OsBuildType : Multiprocessor Free
OsCodeSet : 1252
OsDataExecutionPreventionAvailable : True
OsDataExecutionPrevention32BitApplications : True
OsDataExecutionPreventionDrivers : True
OsDataExecutionPreventionSupportPolicy : OptIn
OsDebug : False
OsDistributed : False
OsEncryptionLevel : 256
OsForegroundApplicationBoost : Maximum
OsTotalVisibleMemorySize : 4193304
OsFreePhysicalMemory : 2174544
OsTotalVirtualMemorySize : 4914200
OsFreeVirtualMemory : 2569656
OsInUseVirtualMemory : 2344544
OsTotalSwapSpaceSize :
OsSizeStoredInPagingFiles : 720896
OsFreeSpaceInPagingFiles : 713476
OsPagingFiles : {C:\pagefile.sys}
OsHardwareAbstractionLayer : 10.0.19041.1503
OsInstallDate : 12/3/2021 8:19:53 AM
OsManufacturer : Microsoft Corporation
OsMaxNumberOfProcesses : 4294967295
OsMaxProcessMemorySize : 137438953344
OsMuiLanguages : {en-US}
OsNumberOfLicensedUsers :
OsNumberOfProcesses : 125
OsNumberOfUsers : 5
OsOrganization :
OsArchitecture : 64-bit
OsLanguage : en-US
OsProductSuites : {TerminalServicesSingleSession}
OsOtherTypeDescription :
OsPAEEnabled :
OsPortableOperatingSystem : False
OsPrimary : True
OsProductType : WorkStation
OsRegisteredUser : admin
OsSerialNumber : 00331-10000-00001-AA808
OsServicePackMajorVersion : 0
OsServicePackMinorVersion : 0
OsStatus : OK
OsSuites : {TerminalServices, TerminalServicesSingleSession}
OsServerLevel :
KeyboardLayout : en-US
TimeZone : (UTC-08:00) Pacific Time (US & Canada)
LogonServer : \\SHENZI
PowerPlatformRole : Desktop
HyperVisorPresent : True
HyperVRequirementDataExecutionPreventionAvailable :
HyperVRequirementSecondLevelAddressTranslation :
HyperVRequirementVirtualizationFirmwareEnabled :
HyperVRequirementVMMonitorModeExtensions :
DeviceGuardSmartStatus : Off
DeviceGuardRequiredSecurityProperties :
DeviceGuardAvailableSecurityProperties :
DeviceGuardSecurityServicesConfigured :
DeviceGuardSecurityServicesRunning :
DeviceGuardCodeIntegrityPolicyEnforcementStatus :
DeviceGuardUserModeCodeIntegrityPolicyEnforcementStatus :
Microsoft Windows [Version 10.0.19042.1526]
OS Name: Microsoft Windows 10 Pro
Registered Owner: admin
System Type: x64-based PC
Processor(s): 2 Processor(s) Installed.
Hotfix(s): 6 Hotfix(s) Installed.
[01]: KB5007289
[02]: KB4562830
[03]: KB5010342
[04]: KB5006753
[05]: KB5007273
[06]: KB5011352
Networks
PS C:\xampp\htdocs\shenzi> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : shenzi
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-56-9E-19-85
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.167.55(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.167.254
DNS Servers . . . . . . . . . . . : 192.168.167.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Interface: 192.168.167.55 --- 0xb
Internet Address Physical Address Type
192.168.167.254 00-50-56-9e-df-ab dynamic
192.168.167.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Unable to initialize device PRN
PS C:\xampp\htdocs\shenzi> netstat -ano | Select-String LIST
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 7568
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 7492
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 876
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 7492
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 7552
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 5564
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 656
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 504
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 668
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1260
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 640
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 2328
TCP 127.0.0.1:14147 0.0.0.0:0 LISTENING 7568
TCP 192.168.167.55:139 0.0.0.0:0 LISTENING 4
TCP [::]:21 [::]:0 LISTENING 7568
TCP [::]:80 [::]:0 LISTENING 7492
TCP [::]:135 [::]:0 LISTENING 876
TCP [::]:443 [::]:0 LISTENING 7492
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3306 [::]:0 LISTENING 7552
TCP [::]:49664 [::]:0 LISTENING 656
TCP [::]:49665 [::]:0 LISTENING 504
TCP [::]:49666 [::]:0 LISTENING 668
TCP [::]:49667 [::]:0 LISTENING 1260
TCP [::]:49668 [::]:0 LISTENING 640
TCP [::]:49669 [::]:0 LISTENING 2328
TCP [::1]:14147 [::]:0 LISTENING 7568
TCP 127.0.0.1:14147 0.0.0.0:0 LISTENING 7568
Users & Groups
PS C:\xampp\htdocs\shenzi> net users ; ls C:\Users
User accounts for \\SHENZI
-------------------------------------------------------------------------------
Administrator DefaultAccount Guest
shenzi WDAGUtilityAccount
The command completed successfully.
Directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 12/3/2021 8:30 AM Administrator
d-r--- 12/3/2021 8:08 AM Public
d----- 4/12/2022 10:37 AM shenzi
PS C:\xampp\htdocs\shenzi> net localgroup ; net group /DOMAIN
System error 1355 has occurred.
The specified domain either does not exist or could not be contacted.
Aliases for \\SHENZI
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.
The request will be processed at a domain controller for domain WORKGROUP.
Processes
PS C:\xampp\htdocs\shenzi> cmd /c tasklist /svc ; ps
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
Registry 92 N/A
smss.exe 324 N/A
csrss.exe 432 N/A
wininit.exe 504 N/A
csrss.exe 520 N/A
winlogon.exe 600 N/A
services.exe 640 N/A
lsass.exe 656 KeyIso, SamSs, VaultSvc
svchost.exe 760 BrokerInfrastructure, DcomLaunch, PlugPlay,
Power, SystemEventsBroker
fontdrvhost.exe 788 N/A
fontdrvhost.exe 796 N/A
svchost.exe 876 RpcEptMapper, RpcSs
svchost.exe 924 LSM
dwm.exe 964 N/A
svchost.exe 1008 DsmSvc
svchost.exe 420 NcbService
svchost.exe 668 EventLog
svchost.exe 1084 ProfSvc
svchost.exe 1100 EventSystem
svchost.exe 1108 SysMain
svchost.exe 1120 Themes
Memory Compression 1216 N/A
svchost.exe 1260 Schedule
svchost.exe 1312 TimeBrokerSvc
svchost.exe 1340 SENS
svchost.exe 1392 nsi
svchost.exe 1412 AudioEndpointBuilder
svchost.exe 1428 FontCache
svchost.exe 1456 Dhcp
svchost.exe 1524 NlaSvc
svchost.exe 1556 SEMgrSvc
svchost.exe 1612 netprofm
svchost.exe 1800 Audiosrv
svchost.exe 1856 WinHttpAutoProxySvc
svchost.exe 1908 Dnscache
svchost.exe 1956 DusmSvc
svchost.exe 1964 Wcmsvc
svchost.exe 2024 ShellHWDetection
svchost.exe 2096 BFE, mpssvc
svchost.exe 2108 LanmanWorkstation
svchost.exe 2200 UserManager
svchost.exe 2320 IKEEXT
svchost.exe 2328 PolicyAgent
svchost.exe 2468 CryptSvc
svchost.exe 2476 CoreMessagingRegistrar
svchost.exe 2484 DiagTrack
svchost.exe 2496 DPS
svchost.exe 2516 Winmgmt
svchost.exe 2564 LanmanServer
svchost.exe 2584 SstpSvc
svchost.exe 2604 TrkWks
VGAuthService.exe 2612 VGAuthService
vmtoolsd.exe 2624 VMTools
svchost.exe 2652 WpnService
svchost.exe 2736 iphlpsvc
svchost.exe 2780 WdiServiceHost
svchost.exe 2896 RasMan
dllhost.exe 3112 COMSysApp
WmiPrvSE.exe 3164 N/A
msdtc.exe 3408 MSDTC
svchost.exe 3940 DispBrokerDesktopSvc
svchost.exe 2004 wuauserv
svchost.exe 4216 BITS
svchost.exe 4268 SSDPSRV
svchost.exe 4352 StateRepository
svchost.exe 4536 PcaSvc
svchost.exe 4748 RmSvc
sihost.exe 1148 N/A
svchost.exe 4856 CDPUserSvc_98e8a
svchost.exe 4860 WpnUserService_98e8a
MicrosoftEdgeUpdate.exe 1476 N/A
taskhostw.exe 1796 N/A
svchost.exe 5140 TabletInputService
svchost.exe 5180 TokenBroker
ctfmon.exe 5208 N/A
explorer.exe 5460 N/A
svchost.exe 5564 CDPSvc
svchost.exe 6044 cbdhsvc_98e8a
StartMenuExperienceHost.e 5760 N/A
RuntimeBroker.exe 1752 N/A
SearchApp.exe 5336 N/A
SearchIndexer.exe 6204 WSearch
RuntimeBroker.exe 6308 N/A
svchost.exe 6588 LicenseManager
svchost.exe 7156 OneSyncSvc_98e8a,
PimIndexMaintenanceSvc_98e8a,
UnistoreSvc_98e8a, UserDataSvc_98e8a
svchost.exe 4044 PhoneSvc
vmtoolsd.exe 728 N/A
OneDrive.exe 6200 N/A
xampp-control.exe 6600 N/A
httpd.exe 7492 N/A
mysqld.exe 7552 N/A
FileZillaServer.exe 7568 N/A
conhost.exe 7576 N/A
httpd.exe 7760 N/A
dllhost.exe 5128 N/A
RuntimeBroker.exe 7776 N/A
svchost.exe 2032 StorSvc
SgrmBroker.exe 7120 SgrmBroker
svchost.exe 7344 UsoSvc
svchost.exe 4020 W32Time
svchost.exe 4988 wscsvc
svchost.exe 2696 Netman
svchost.exe 8964 lmhosts
svchost.exe 392 InstallService
YourPhone.exe 6740 N/A
RuntimeBroker.exe 8892 N/A
SecurityHealthService.exe 9120 SecurityHealthService
ShellExperienceHost.exe 8392 N/A
RuntimeBroker.exe 7580 N/A
taskhostw.exe 4844 N/A
svchost.exe 8904 DsSvc
UserOOBEBroker.exe 6836 N/A
taskhostw.exe 8988 N/A
svchost.exe 5280 WbioSrvc
svchost.exe 2920 ClipSVC
svchost.exe 8200 wlidsvc
cmd.exe 3144 N/A
conhost.exe 5532 N/A
cmd.exe 3628 N/A
powershell.exe 7292 N/A
svchost.exe 7176 AppXSvc
RuntimeBroker.exe 8772 N/A
MoUsoCoreWorker.exe 1984 N/A
svchost.exe 376 WaaSMedicSvc
cmd.exe 8680 N/A
tasklist.exe 2172 N/A
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
74 5 2224 3812 0.00 3144 1 cmd
80 5 2276 4164 0.02 3628 1 cmd
105 7 6328 10676 0.05 5532 1 conhost
126 10 6660 14284 0.02 7576 1 conhost
511 20 1704 5220 432 0 csrss
442 15 1760 5156 520 1 csrss
388 15 3552 14952 0.09 5208 1 ctfmon
259 14 3784 13696 3112 0 dllhost
201 13 2448 11064 0.05 5128 1 dllhost
771 33 26596 55400 964 1 dwm
1689 65 26588 96064 3.03 5460 1 explorer
129 14 2108 7236 31.80 7568 1 FileZillaServer
37 7 2120 6312 788 1 fontdrvhost
37 6 1688 4352 796 0 fontdrvhost
158 28 9440 18984 0.19 7492 1 httpd
998 113 660548 352864 1,496.45 7760 1 httpd
0 0 60 8 0 0 Idle
1250 26 7108 19860 656 0 lsass
0 0 112 3360 1216 0 Memory Compression
214 13 1904 244 1476 0 MicrosoftEdgeUpdate
267 17 4180 16872 1984 0 MoUsoCoreWorker
224 13 3560 10212 3408 0 msdtc
181 16 212412 33356 0.67 7552 1 mysqld
659 40 17940 68424 1.39 6200 1 OneDrive
1100 31 89560 101840 0.80 7292 1 powershell
0 14 3380 21100 92 0 Registry
336 18 6312 27188 0.53 1752 1 RuntimeBroker
313 16 5168 22184 0.25 6308 1 RuntimeBroker
211 11 2524 16820 0.05 7580 1 RuntimeBroker
237 13 2420 13852 0.13 7776 1 RuntimeBroker
298 17 4584 21868 0.05 8772 1 RuntimeBroker
161 10 2116 13656 0.06 8892 1 RuntimeBroker
1097 74 53168 108216 2.00 5336 1 SearchApp
712 37 20120 29480 6204 0 SearchIndexer
285 13 3004 12776 9120 0 SecurityHealthService
627 12 5164 10200 640 0 services
105 8 4264 7260 7120 0 SgrmBroker
541 25 9756 42352 0.19 8392 1 ShellExperienceHost
519 18 5968 26024 4.13 1148 1 sihost
53 3 1076 1200 324 0 smss
628 29 20464 65364 0.84 5760 1 StartMenuExperienceHost
153 9 1812 7556 376 0 svchost
322 18 5712 25552 392 0 svchost
213 12 2352 10104 420 0 svchost
418 13 13548 16724 668 0 svchost
1513 22 11280 28980 760 0 svchost
1094 18 7292 14572 876 0 svchost
249 10 2024 7348 924 0 svchost
353 16 4248 13600 1008 0 svchost
249 13 3148 13964 1084 0 svchost
434 9 2900 9024 1100 0 svchost
245 16 51300 61812 1108 0 svchost
168 7 1280 5780 1120 0 svchost
417 18 6308 15936 1260 0 svchost
290 10 2212 12164 1312 0 svchost
174 10 1844 8320 1340 0 svchost
131 19 4444 8536 1392 0 svchost
142 9 1508 7324 1412 0 svchost
162 10 1916 8312 1428 0 svchost
219 10 2036 7304 1456 0 svchost
402 14 4256 12240 1524 0 svchost
231 12 2428 11784 1556 0 svchost
400 12 2784 9420 1612 0 svchost
205 10 1984 8836 1800 0 svchost
173 9 1932 7480 1856 0 svchost
266 12 2624 7980 1908 0 svchost
128 9 1600 6404 1956 0 svchost
382 13 2464 10116 1964 0 svchost
596 70 15104 26780 2004 0 svchost
196 12 2068 12460 2024 0 svchost
219 12 2548 11628 2032 0 svchost
414 32 8360 17632 2096 0 svchost
185 11 1964 8132 2108 0 svchost
248 10 2504 9788 2200 0 svchost
264 13 2544 8068 2320 0 svchost
167 12 1680 7384 2328 0 svchost
465 28 29656 39760 2468 0 svchost
144 7 1372 6036 2476 0 svchost
513 25 18744 34960 2484 0 svchost
323 18 27308 32184 2496 0 svchost
473 17 12764 22524 2516 0 svchost
214 12 2364 9268 2564 0 svchost
130 9 1556 6736 2584 0 svchost
125 7 1260 5644 2604 0 svchost
306 15 3936 18928 2652 0 svchost
201 12 2256 11332 2696 0 svchost
370 15 2716 10872 2736 0 svchost
103 7 1356 5456 2780 0 svchost
383 23 3336 12700 2896 0 svchost
120 7 2480 7668 2920 0 svchost
123 8 1404 7416 3940 0 svchost
209 13 1736 7716 4020 0 svchost
195 11 1928 9360 4044 0 svchost
456 30 9720 19996 4216 0 svchost
217 13 2004 7504 4268 0 svchost
184 10 7144 15856 4352 0 svchost
237 12 4124 9592 4536 0 svchost
199 11 1904 8592 4748 0 svchost
299 14 3992 17164 0.06 4856 1 svchost
444 23 8268 34548 0.72 4860 1 svchost
216 13 2496 10152 4988 0 svchost
168 9 1800 8200 5140 0 svchost
325 13 3556 19156 5180 0 svchost
219 13 2888 11916 5280 0 svchost
407 82 5164 16660 5564 0 svchost
234 12 2992 16928 0.20 6044 1 svchost
190 12 2796 15548 6588 0 svchost
468 27 7244 25604 0.28 7156 1 svchost
124 8 1668 7248 7176 0 svchost
210 12 2564 9176 7344 0 svchost
371 17 4252 15384 8200 0 svchost
200 15 6168 9968 8904 0 svchost
109 7 1240 5560 8964 0 svchost
2197 0 192 140 4 0 System
261 28 5604 15500 0.28 1796 1 taskhostw
235 13 2928 15764 0.05 4844 1 taskhostw
332 19 5376 16624 0.13 8988 1 taskhostw
138 10 1992 9376 0.02 6836 1 UserOOBEBroker
178 11 3016 10488 2612 0 VGAuthService
262 18 3924 16544 8.22 728 1 vmtoolsd
397 21 9456 22768 2624 0 vmtoolsd
162 11 1368 7004 504 0 wininit
283 12 2716 13176 600 1 winlogon
360 18 9424 20072 3164 0 WmiPrvSE
238 17 6020 18092 1.92 6600 1 xampp-control
563 41 21592 17484 0.19 6740 1 YourPhone
xampp-control.exe
httpd.exe
mysqld.exe
FileZillaServer.exe
Tasks
PS C:\xampp\htdocs\shenzi> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
TaskName TaskPath State
-------- -------- -----
OneDrive Reporting Task-S-1-5-21-2141929748-2461147466-4258878046-1002 \ Ready
OneDrive Standalone Update Task-S-1-5-21-2141929748-2461147466-4258878046-1002 \ Ready
PS C:\xampp\htdocs\shenzi> cmd /c schtasks /QUERY /FO TABLE
Folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
OneDrive Reporting Task-S-1-5-21-2141929 4/15/2025 11:28:57 AM Ready
OneDrive Standalone Update Task-S-1-5-21 4/15/2025 10:46:59 AM Ready
Folder: \Microsoft
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\OneCore
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\.NET Framework
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
Folder: \Microsoft\Windows\AppID
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
VerifiedPublisherCertStoreCheck N/A Disabled
Folder: \Microsoft\Windows\Application Experience
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft Compatibility Appraiser 4/15/2025 4:59:16 AM Ready
PcaPatchDbTask 4/14/2025 4:00:14 PM Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
Folder: \Microsoft\Windows\ApplicationData
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
Folder: \Microsoft\Windows\AppListBackup
TaskName Next Run Time Status
======================================== ====================== ===============
Backup N/A Ready
Folder: \Microsoft\Windows\AppxDeploymentClient
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
Folder: \Microsoft\Windows\Autochk
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
Folder: \Microsoft\Windows\BitLocker
TaskName Next Run Time Status
======================================== ====================== ===============
BitLocker Encrypt All Drives N/A Ready
BitLocker MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\Bluetooth
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Ready
Folder: \Microsoft\Windows\BrokerInfrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask N/A Ready
Folder: \Microsoft\Windows\CertificateServicesClient
TaskName Next Run Time Status
======================================== ====================== ===============
UserTask N/A Ready
UserTask-Roam N/A Ready
Folder: \Microsoft\Windows\Chkdsk
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
Folder: \Microsoft\Windows\CloudExperienceHost
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
Folder: \Microsoft\Windows\Customer Experience Improvement Program
TaskName Next Run Time Status
======================================== ====================== ===============
Consolidator 4/14/2025 6:00:00 PM Ready
UsbCeip N/A Ready
Folder: \Microsoft\Windows\Data Integrity Scan
TaskName Next Run Time Status
======================================== ====================== ===============
Data Integrity Check And Scan 4/14/2025 11:43:04 PM Ready
Data Integrity Scan N/A Ready
Data Integrity Scan for Crash Recovery N/A Ready
Folder: \Microsoft\Windows\Defrag
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
Folder: \Microsoft\Windows\Device Information
TaskName Next Run Time Status
======================================== ====================== ===============
Device 4/15/2025 4:42:08 AM Ready
Device User N/A Ready
Folder: \Microsoft\Windows\Diagnosis
TaskName Next Run Time Status
======================================== ====================== ===============
RecommendedTroubleshootingScanner N/A Ready
Scheduled N/A Ready
Folder: \Microsoft\Windows\DirectX
TaskName Next Run Time Status
======================================== ====================== ===============
DirectXDatabaseUpdater N/A Ready
DXGIAdapterCache N/A Ready
Folder: \Microsoft\Windows\DiskCleanup
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
Folder: \Microsoft\Windows\DiskDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Ready
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
Folder: \Microsoft\Windows\DiskFootprint
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
Folder: \Microsoft\Windows\DUSM
TaskName Next Run Time Status
======================================== ====================== ===============
dusmtask N/A Ready
Folder: \Microsoft\Windows\EDP
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
EDP Inaccessible Credentials Task N/A Ready
StorageCardEncryption Task N/A Ready
Folder: \Microsoft\Windows\ExploitGuard
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\Feedback
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Feedback\Siuf
TaskName Next Run Time Status
======================================== ====================== ===============
DmClient N/A Ready
DmClientOnScenarioDownload N/A Ready
Folder: \Microsoft\Windows\File Classification Infrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
Folder: \Microsoft\Windows\FileHistory
TaskName Next Run Time Status
======================================== ====================== ===============
File History (maintenance mode) N/A Ready
Folder: \Microsoft\Windows\Flighting
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Flighting\FeatureConfig
TaskName Next Run Time Status
======================================== ====================== ===============
ReconcileFeatures N/A Ready
UsageDataFlushing N/A Ready
UsageDataReporting N/A Ready
Folder: \Microsoft\Windows\Flighting\OneSettings
TaskName Next Run Time Status
======================================== ====================== ===============
RefreshCache 4/14/2025 1:49:12 PM Ready
Folder: \Microsoft\Windows\Input
TaskName Next Run Time Status
======================================== ====================== ===============
LocalUserSyncDataAvailable N/A Ready
MouseSyncDataAvailable N/A Ready
PenSyncDataAvailable N/A Ready
TouchpadSyncDataAvailable N/A Ready
Folder: \Microsoft\Windows\InstallService
TaskName Next Run Time Status
======================================== ====================== ===============
ScanForUpdates 4/15/2025 2:36:48 AM Ready
ScanForUpdatesAsUser N/A Running
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
Folder: \Microsoft\Windows\International
TaskName Next Run Time Status
======================================== ====================== ===============
Synchronize Language Settings N/A Ready
Folder: \Microsoft\Windows\LanguageComponentsInstaller
TaskName Next Run Time Status
======================================== ====================== ===============
Installation N/A Ready
ReconcileLanguageResources N/A Ready
Folder: \Microsoft\Windows\Live
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Location
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
Folder: \Microsoft\Windows\Maintenance
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
Folder: \Microsoft\Windows\Management
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Management\Provisioning
TaskName Next Run Time Status
======================================== ====================== ===============
Cellular N/A Ready
Logon N/A Ready
Retry N/A Disabled
RunOnReboot N/A Disabled
Folder: \Microsoft\Windows\Maps
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Ready
MapsUpdateTask N/A Disabled
Folder: \Microsoft\Windows\MemoryDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Ready
RunFullMemoryDiagnostic N/A Ready
Folder: \Microsoft\Windows\Mobile Broadband Accounts
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
Folder: \Microsoft\Windows\MUI
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
Folder: \Microsoft\Windows\Multimedia
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Running
Folder: \Microsoft\Windows\NetTrace
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
Folder: \Microsoft\Windows\NlaSvc
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
Folder: \Microsoft\Windows\Offline Files
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
Folder: \Microsoft\Windows\PLA
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Plug and Play
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Sysprep Generalize Drivers N/A Ready
Folder: \Microsoft\Windows\Power Efficiency Diagnostics
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Queued
Folder: \Microsoft\Windows\Printing
TaskName Next Run Time Status
======================================== ====================== ===============
EduPrintProv N/A Ready
Folder: \Microsoft\Windows\RecoveryEnvironment
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Disabled
Folder: \Microsoft\Windows\Registry
TaskName Next Run Time Status
======================================== ====================== ===============
RegIdleBackup N/A Ready
Folder: \Microsoft\Windows\Servicing
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
Folder: \Microsoft\Windows\SettingSync
TaskName Next Run Time Status
======================================== ====================== ===============
BackgroundUploadTask N/A Ready
NetworkStateChangeTask N/A Ready
Folder: \Microsoft\Windows\SharedPC
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
Folder: \Microsoft\Windows\Shell
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
FamilySafetyMonitor N/A Ready
FamilySafetyRefreshTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
Folder: \Microsoft\Windows\SoftwareProtectionPlatform
TaskName Next Run Time Status
======================================== ====================== ===============
SvcRestartTaskLogon N/A Disabled
Folder: \Microsoft\Windows\SpacePort
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
Folder: \Microsoft\Windows\Speech
TaskName Next Run Time Status
======================================== ====================== ===============
HeadsetButtonPress N/A Ready
Folder: \Microsoft\Windows\StateRepository
TaskName Next Run Time Status
======================================== ====================== ===============
MaintenanceTasks N/A Ready
Folder: \Microsoft\Windows\Storage Tiers Management
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
Folder: \Microsoft\Windows\Subscription
TaskName Next Run Time Status
======================================== ====================== ===============
EnableLicenseAcquisition N/A Ready
LicenseAcquisition N/A Disabled
Folder: \Microsoft\Windows\Sysmain
TaskName Next Run Time Status
======================================== ====================== ===============
HybridDriveCachePrepopulate N/A Disabled
HybridDriveCacheRebalance N/A Disabled
ResPriStaticDbSync N/A Queued
WsSwapAssessmentTask N/A Queued
Folder: \Microsoft\Windows\SystemRestore
TaskName Next Run Time Status
======================================== ====================== ===============
SR N/A Queued
Folder: \Microsoft\Windows\Task Manager
TaskName Next Run Time Status
======================================== ====================== ===============
Interactive N/A Ready
Folder: \Microsoft\Windows\TextServicesFramework
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
Folder: \Microsoft\Windows\Time Synchronization
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
Folder: \Microsoft\Windows\Time Zone
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
Folder: \Microsoft\Windows\UNP
TaskName Next Run Time Status
======================================== ====================== ===============
RunUpdateNotificationMgr N/A Disabled
Folder: \Microsoft\Windows\UPnP
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Ready
Folder: \Microsoft\Windows\USB
TaskName Next Run Time Status
======================================== ====================== ===============
Usb-Notifications N/A Ready
Folder: \Microsoft\Windows\WCM
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
Folder: \Microsoft\Windows\WDI
TaskName Next Run Time Status
======================================== ====================== ===============
ResolutionHost N/A Running
Folder: \Microsoft\Windows\Windows Defender
TaskName Next Run Time Status
======================================== ====================== ===============
Windows Defender Cache Maintenance N/A Ready
Windows Defender Cleanup N/A Ready
Windows Defender Scheduled Scan N/A Ready
Windows Defender Verification N/A Ready
Folder: \Microsoft\Windows\Windows Error Reporting
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting 4/14/2025 1:56:58 PM Ready
Folder: \Microsoft\Windows\Windows Filtering Platform
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
Folder: \Microsoft\Windows\Windows Media Sharing
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
Folder: \Microsoft\Windows\WindowsColorSystem
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Ready
Folder: \Microsoft\Windows\WindowsUpdate
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled Start N/A Disabled
Folder: \Microsoft\Windows\WindowsUpdate\RUXIM
TaskName Next Run Time Status
======================================== ====================== ===============
RUXIMDisplay 4/15/2025 11:52:36 AM Ready
RUXIMSync 4/18/2025 5:37:33 PM Ready
Folder: \Microsoft\Windows\Wininet
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Running
Folder: \Microsoft\Windows\WlanSvc
TaskName Next Run Time Status
======================================== ====================== ===============
CDSSync N/A Ready
Folder: \Microsoft\Windows\Work Folders
TaskName Next Run Time Status
======================================== ====================== ===============
Work Folders Logon Synchronization N/A Ready
Work Folders Maintenance Work N/A Ready
Folder: \Microsoft\Windows\Workplace Join
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Disabled
Device-Sync N/A Disabled
Recovery-Check N/A Disabled
Folder: \Microsoft\Windows\WwanSvc
TaskName Next Run Time Status
======================================== ====================== ===============
NotificationTask N/A Ready
OobeDiscovery N/A Ready
Folder: \Microsoft\XblGameSave
TaskName Next Run Time Status
======================================== ====================== ===============
XblGameSaveTask N/A Ready
Services
PS C:\xampp\htdocs\shenzi> wmic service where "State='Running'" get Name,PathName,StartName | Out-String -Stream | Where-Object { $_ -match 'S' -and $_ -notmatch 'C:\Windows\System32' } | Select-Object -First 100
Name PathName StartName
AppXSvc C:\WINDOWS\system32\svchost.exe -k wsappx -p LocalSystem
AudioEndpointBuilder C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Audiosrv C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
BFE C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT AUTHORITY\LocalService
BITS C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
BrokerInfrastructure C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
CDPSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
COMSysApp C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} LocalSystem
CoreMessagingRegistrar C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
CryptSvc C:\WINDOWS\system32\svchost.exe -k NetworkService -p NT Authority\NetworkService
DcomLaunch C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
Dhcp C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
DiagTrack C:\WINDOWS\System32\svchost.exe -k utcsvc -p LocalSystem
DispBrokerDesktopSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
Dnscache C:\WINDOWS\system32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
DPS C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
DsmSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
DsSvc C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
DusmSvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
EventLog C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
EventSystem C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
FontCache C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
IKEEXT C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
InstallService C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
iphlpsvc C:\WINDOWS\System32\svchost.exe -k NetSvcs -p LocalSystem
KeyIso C:\WINDOWS\system32\lsass.exe LocalSystem
LanmanServer C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
LanmanWorkstation C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
LicenseManager C:\WINDOWS\System32\svchost.exe -k LocalService -p NT Authority\LocalService
lmhosts C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
LSM
mpssvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT Authority\LocalService
MSDTC C:\WINDOWS\System32\msdtc.exe NT AUTHORITY\NetworkService
NcbService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Netman C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
netprofm C:\WINDOWS\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
NlaSvc C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
nsi C:\WINDOWS\system32\svchost.exe -k LocalService -p NT Authority\LocalService
PcaSvc C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
PhoneSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT Authority\LocalService
PlugPlay C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
PolicyAgent C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted -p NT Authority\NetworkService
Power C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
ProfSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
RasMan C:\WINDOWS\System32\svchost.exe -k netsvcs localSystem
RmSvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted NT AUTHORITY\LocalService
RpcEptMapper C:\WINDOWS\system32\svchost.exe -k RPCSS -p NT AUTHORITY\NetworkService
RpcSs C:\WINDOWS\system32\svchost.exe -k rpcss -p NT AUTHORITY\NetworkService
SamSs C:\WINDOWS\system32\lsass.exe LocalSystem
Schedule C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
SecurityHealthService C:\WINDOWS\system32\SecurityHealthService.exe LocalSystem
SEMgrSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
SENS C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
SgrmBroker C:\WINDOWS\system32\SgrmBroker.exe LocalSystem
ShellHWDetection C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
SSDPSRV C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p NT AUTHORITY\LocalService
SstpSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT Authority\LocalService
StateRepository C:\WINDOWS\system32\svchost.exe -k appmodel -p LocalSystem
StorSvc C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SysMain C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SystemEventsBroker C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
TabletInputService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Themes C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
TimeBrokerSvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
TokenBroker C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
TrkWks C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
UserManager C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
UsoSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
VaultSvc C:\WINDOWS\system32\lsass.exe LocalSystem
VGAuthService "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" LocalSystem
VMTools "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" LocalSystem
W32Time C:\WINDOWS\system32\svchost.exe -k LocalService NT AUTHORITY\LocalService
WbioSrvc C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup LocalSystem
Wcmsvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
WdiServiceHost C:\WINDOWS\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
WinHttpAutoProxySvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
Winmgmt C:\WINDOWS\system32\svchost.exe -k netsvcs -p localSystem
wlidsvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
WpnService C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
wscsvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
WSearch C:\WINDOWS\system32\SearchIndexer.exe /Embedding LocalSystem
wuauserv C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
cbdhsvc_98e8a C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p
CDPUserSvc_98e8a C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
OneSyncSvc_98e8a C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
PimIndexMaintenanceSvc_98e8a C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
UnistoreSvc_98e8a C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
UserDataSvc_98e8a C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
WpnUserService_98e8a C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Installed Programs
PS C:\xampp\htdocs\shenzi> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty DisplayName -ErrorAction SilentlyContinue | Where-Object { $_ } | Sort-Object -Unique
Microsoft Edge
Microsoft Edge Update
Microsoft OneDrive
Microsoft Update Health Tools
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810
Update for Windows 10 for x64-based Systems (KB5001716)
VMware Tools
Windows PC Health Check
XAMPP
XAMPP
Firewall & AV
PS C:\xampp\htdocs\shenzi> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
21 TCP Enable Inbound Allow port 21
80 TCP Enable Inbound Allow port 80
135 TCP Enable Inbound Allow port 135
139 TCP Enable Inbound Allow port 139
443 TCP Enable Inbound Allow port 443
445 TCP Enable Inbound Allow port 445
3306 TCP Enable Inbound Allow port 3306
5040 TCP Enable Inbound Allow port 5040
7680 TCP Enable Inbound Allow port 7680
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Enable Inbound Apache HTTP Server / C:\xampp\apache\bin\httpd.exe
Enable Inbound mysqld / C:\xampp\mysql\bin\mysqld.exe
Enable Inbound FileZilla Server / C:\xampp\filezillaftp\filezillaserver.exe
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
21 TCP Enable Inbound Allow port 21
80 TCP Enable Inbound Allow port 80
135 TCP Enable Inbound Allow port 135
139 TCP Enable Inbound Allow port 139
443 TCP Enable Inbound Allow port 443
445 TCP Enable Inbound Allow port 445
3306 TCP Enable Inbound Allow port 3306
5040 TCP Enable Inbound Allow port 5040
7680 TCP Enable Inbound Allow port 7680
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .
PS C:\xampp\htdocs\shenzi> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
Get-MpComputerStatus : A general error occurred that is not covered by a more specific error code.
At line:1 char:1
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpComputerStatus:ROOT\Microsoft\...pComputerStatus) [Get-MpComputerS
tatus], CimException
+ FullyQualifiedErrorId : HRESULT 0x800106ba,Get-MpComputerStatus
ExclusionPath
-------------
Session Architecture
PS C:\xampp\htdocs\shenzi> [Environment]::Is64BitProcess
True
Installed .NET Frameworks
PS C:\xampp\htdocs\shenzi> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is E24B-9BB9
Directory of C:\Windows\Microsoft.NET\Framework
12/07/2019 02:31 AM <DIR> .
12/07/2019 02:31 AM <DIR> ..
12/03/2021 09:10 AM <DIR> v1.0.3705
12/03/2021 09:10 AM <DIR> v1.1.4322
12/07/2019 02:14 AM <DIR> v2.0.50727
04/14/2025 10:57 AM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 26,523,709,440 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0
.NET 4.8.04084